/
Google Apps

Google Apps

Owned by Francesco Chicchiriccò
Last updated: Dec 28, 2024
3 min read

Overview

Google Apps is a software-as-a-service platform (SAAS) that provides email, calendar, documents and other services. This connector uses the Google Apps provisioning APIs to create, add, delete and modify user accounts and email aliases.

Please note that only the Premium (paid) or Educational versions of Google Apps provide access to the provisioning APIs. This connector will not work on free Google Apps domains.

More information on Google Apps can be found here.

Installation

To install the Google Apps connector, add the bundle JAR file to a directory on your disk. If your application has a dedicated directory for connector bundles, put the file in that directory. For example, Apache Syncope looks for connector bundles in the configured bundles directory.

Supported Operations

The Google Apps connector supports the following operations:

  • Authentication

  • Create

  • Delete

  • Get

  • Schema

  • ScriptOnConnector

  • Search

  • Test

  • Update

  • Validate

Configuration

The following table lists all the configuration properties you can specify when setting up the Google Apps connector:

Configuration Property

Required

Type

Default Value

Description

Configuration Property

Required

Type

Default Value

Description

domain

X

String

 

Internet domain name. See https://support.google.com/a/answer/177483?hl=en

clientId

X

String

 

Client identifier issued to the client during the registration process.

clientSecret

X

GuardedString

 

Client secret issued to the client during the registration process.

refreshToken

X

GuardedString

 

The refresh token allows you to get a new access token that is good for another hour. Refresh tokens never expire, they can only be revoked by the user or programatically by your app.

Search Projection

 

String

basic

What subset of fields to fetch for this user. Acceptable values are: basic (Do not include any custom fields for the user. Set as default), custom (Include custom fields from schemas requested in customFieldMask), full (Include all fields associated with this user).

Custom Schemas configuration

 

String

 

JSON representation of a Resource Schema where you can specify your custom schemas (in order to see them during search you must set projection to value "full").
Example: 

[ { "name":"customSchemaName", "multiValued":false, "type":"object", "innerSchemas":[ { "name":"customFieldName", "multiValued":false, "type":"boolean", "innerSchemas":[ ] } ] } ]

 

Obtaining the configuration parameter values

  1. Log in to your Google Apps Admin Console (at https://console.cloud.google.com/apis/credentials) and create new project.

  2. In the ID client OAuth 2.0 section if needed configure OAUTH consent section then create credentials for Desktop application and finally download the related client_secrets.json file.

  3. From the leftmost menu "API and enabled  services" enable the "Admin SDK API".
    For more information on these APIs, navigate to the Google Developers interface, and search for these APIs.

  4. Download the Google Apps connector bundle

  5. Change to the directory where you have downloaded the bundle and run the following command on the client_secrets.json file that you obtained earlier in this procedure:

    $ jar xvf net.tirasa.connid.bundles.googleapps-1.4.3.jar $ java -jar net.tirasa.connid.bundles.googleapps-1.4.3-credentials-generator.jar /path/to/client_secrets.json Request Url is https://accounts.google.com/o/oauth2/auth?client_id=xxxxx&redirect_uri=http://localhost:8080/code-processor&response_type=code&scope=https://www.googleapis.com/auth/admin.directory.group%20https://www.googleapis.com/auth/admin.directory.orgunit%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/apps.licensing&state=/profile Opening browser in the current session. ...

    This command opens the default browser (if not please use the link just after the log "Request url is"), and loads a screen on which you authorize consent to access the Google Apps account.

     

  6. When you have authorized consent, the browser returns a code, that is automatically ingested by an API exposed by the credentials-generator application.

    If the process succeded, you should see in the browser (and also the logs of the credentials-generator application) a response similar to the following one: 

    { "clientId" : "5x4x3x4x0x8x-cxlx3xsxcx8xixlxmx3x0xrxgx7x6x3x.apps.googleusercontent.com", "clientSecret" : "0xhx9xrx8xdxqx9xDxjxUx3x", "refreshToken" : "1x7xmxfx_yxuxNxUxFxjxVxVxkxXx3XxHxMxYxzx5xcxI" }

     

  7. You can now use the information above to populate the configuration properties as reported above.